Archive for the ‘Jihad Recruitment’ Category

A few days ago the word got out that a new da’esh jihadi funding site had hit the darknet. Much of the reporting has been about the novelty around this idea, which isn’t all that novel really. There was another site back in the day that was looking for bitcoin donations and was much more sketchy than this site is, but who’s paying attention, right? Anyway, this site is the next generation of jihobbyist funding by an unknown group of guys, and it is novel in a couple of ways that the other reports missed. In fact, one alleged expert marked this site down as just another scam site when, while it may in fact be a scam, it is much more nuanced than the usual fare you see in the darknet, and thus I judge it to be run by people who at least know the jihad well and understand the Hadiths.

The premise of the site is based on the Islamic notion of Sadaqah, which is misspelled for the jihobbyists on this site to make it catchy. Sadaqah, literally means charity or benevolence and is an apt name for this site because it is exactly that which they are seeking. It is an interesting area of Islam concerning your obligations for charity as well as public works and in this twist, the sadaqacoins crew is attempting, as others have, to manipulate the original intent of Sadaqah, for jihad and the furtherance of the war against the infidels. That this site is using trackable bitcoins and attempts to use a more opaque currency like Monero is novel only for the fact that this site is much more slick and put together than the others I have seen out there in the past. Honestly, much of the jihad has always been propped up on donations and the Hawala system since the beginning of the GWOT.

Of course this site not only wants to have the believers give them bitcoin for the jihad but they have funding programs for specific things like buying a sniper rifle or a truck that they can mount a gun on. Not much new here in the way of asking for donations like this inside the jihad. Now, what is new is that the site is open to “others” to suggest funding programs or “projects” as well, so anyone could hit them up within different areas of the jihad to get this funding set up. This could be the big difference if this thing actually flies. Imagine more of the disparate cells asking for new projects and then setting up their own bitcoin wallets. This could mushroom a bit for the more savvy jihadis out there on the net looking to help but maybe not get blown up in the lands, right?

In fact, the most interesting bit for me and for my old friend Onionscan was the fact that these guys added an Eid celebration to the mix where you could donate for sacrifice. What this means is that you could help the jihadis celebrate Eid in country by funding their goat dinner. This is a bit that I think others missed in reporting this for two reasons. First, these people who wrote about the site don’t understand the religion and the sociology, and second, the site had been updated with the Eid celebration by the time I got to it. In fact, it was here that Onionscan puked out some interesting information about the mostly secure site. It seems that their Eid celebrations were posted in haste and they forgot to get rid of their EXIF data.

Oops.

Basically, the data that I managed to pull out of all these photos show that they are using a phone camera by Motorola and managed to not have their geolocation turned on. Of course this doesn’t mean they won’t mess up later and leave that kind of data in them for us to hoover up and use as coords for a hellfire visit. This all could be leveraged by the right players though to manipulate them to make a mistake in the future as well. I look forward to seeing where this all goes in the future. However as it stands now, their OPSEC is fair to medium. They did manage to give us a lot to work with though with all the email addresses to reach them on and their Telegram channels to infiltrate and get in their insides with.

Another point of interest for me on the OPSEC front was their choice of languages for the site. It seems that these jihadi’s like to speak German, Turkish, and English. These three languages are of note because the site has no area that is strictly in Arabi and that is an oddity. This implies that the group who set this up are English speakers, Turks, and Germans but not really well equipped to write and read Arabic and this kind of tracks with some of the intelligence that comes out of the da’esh circles over the last couple years. There has been an influx of foreign fighters to the jihad but really guys, no Arabi? Shame on you as good Muslims not at least being able to have a page in Arabi!

Meanwhile, back to the bitcoins. This site has 12 bitcoin wallets at the time of my assessment and NONE of them have any coin in there at all. Nothing, nada, niente. Of course the site is fairly new so I can see why it wouldn’t have any coin in there yet. In fact the site only popped up on my link search in the darknet on the 24th of August so there is that. (see below) So we need to give it time to see what else they do and if anyone actually donates. Once they do, well then we can track the coins and see who did what huh?

Well, this was an interesting diversion for a while but I am still kinda meh about the whole thing. I am gonna keep an eye on it and maybe visit those Telegram channels to see what other OPSEC FAIL’s they make. Until then, hey, it’s out there and it’s novel.

BOOGA BOOGA BOOGA JIHAD IN THE DARKNET BOOGA!

Derp.

K.


Ahmad Rahami, the new jihadi wannabe lone wolf du jour, made a splash with his bombings of a dumpster and a trash bin on CNN and the other media outlets, but let’s really take a closer look at Ahmad and his mindset with the release of his ersatz “journal of jihad”, shall we? First off, I am tired of the media coverage and while this was serious, it just shows you the level of recruit and planning that AQAP/AQ/da’esh have in the US presently and to wit, not very high. Frankly, looking at his journal pieces here I can only surmise that if Ahmad doesn’t have some sort of personality disorder it would greatly surprise me. On the other end of that spectrum, Ahmad clearly is a failed seeker acting out within the confines of his chicken shop malcontent diaspora in search of importance.

Ahmad opines the usual catch phrase diatribes seen in Inspire or Dabiq and on the web in general on the boards but seems to not really have a greater grasp of his own religion than most of the daeshbag recruits these days. Clearly he has been suckling at the tit of the jihadi propaganda machine and in fact had close contact with recruiters in Afghanistan and Pakistan where he spent a good deal of time in recent years on and off. These guys look for recruits who have weak wills and minds that can be easily swayed. Minds and hearts, ego’s in search of self importance that they lack presently but are told that they will be martyrs for the greater cause if they blow themselves or the far enemy up and it is bullshit.

All of the propaganda placed by these Khawarij is just a mental virus, neuro-linguistic programming, used to prey on the weak minded souls out there, those failed seekers, in order to bring them in and turn them to the Khawarij will. For some time now the security services and governments of the world have been trying to see how they can combat these memetic viruses online and so far no one has been able to come up with a solid solution. Those who are seeking will latch onto anything that they feel an attraction to, and it has been so since time immemorial. Cults and religions both rely on this to build their base; belief is key and the means to that end is dogma.

In Ahmad’s diary we see this in action and we see the brain washing and self delusion that goes on here with the repetitive statements in this journal that he used to egg himself on to action. No doubt he wrote this out and continued to do so as he built the bombs. All of this, all the language is a means to an end to justify to himself his actions. Actions fed to him by the propaganda online, in person, and programmed into him and all the others who are willing to listen, to believe, and to act.

Weak minds.

Weak souls.

Pawns of the Khawarij.

I truly hope we can come up with a means to combat such memetic viruses but so far I see no hope of it. Prepare yourselves for the other weak minded jihobbyists out there to try and catch their own brass ring of importance. Just don’t let them enable fear to win and change the course of our governance to a fear based one… Well… One that is more so than it already is.

Dr. K.


In 2013 I wrote about leaderless jihad and the “Stand Alone Complex.” Now we are seeing this type of leaderless, “inspired by” thought virus playing itself out on the national stage. Last night’s attack using a lorry was something that was presaged by two issues of Inspire Magazine back in 2010 and 2014. There isn’t much to it really to gather some weapons, steal a truck, and then plow it into a crowd, but it has taken this long for the insidious idea to take root in the collective unconscious of the would-be jihadis. The days of a more rigid and trained “jihad” are being eclipsed by would-be unbalanced individuals seeking attention and reinforcement of their sick ideas through the media, the internet, and our collective inability to look away from a tragic scene on a glowing screen.

2014 Inspire

2010 Inspire 2 “Ultimate Mowing Machine”

Soft targets were always the preferred avenue of attack but now they are becoming seen as a top priority for security forces since the attacks in France and other places like Bangladesh. While Dhaka on the face of it had a contingent of more trained individuals, the attack last night is as simplistic as they come. This is what is really scaring the populace and the security services, because now it seems that the authors and actors of these acts are in fact just one guy and not a cabal that they could perhaps track using pervasive surveillance. A cell of one is hard to track, and certainly if they self-radicalize by just downloading Inspire magazine and watching YouTube, well, what can one do? There are no easy answers here in the world of detection and prevention.

So here we have it. I have been pointing this out for a while, and at first it was AQAP trying to inspire “OSJ” or Open Source Jihad. Now Dabiq and Da’esh are carrying it on and furthering it with the media zeitgeist that ensues with each attack. The net effect here is that these people are self-radicalizing with the help of the media’s obsession with covering these acts ad nauseam. The pervasive hand wringing and talking heads only serve to whet the appetite of the would-be jihobbyist for action. Forget the Inspire magazines and the videos, just watch CNN and that is enough it seems. This all is very much like the plot line to “The Laughing Man” arc of Ghost In The Shell. An act carried out on the media inspired others to carry out like acts to be on the media and further the idea(l) as well as serve as a means to fulfil the actor’s need for attention and satisfaction.

This is pure psychology at work and there are a host of reasons and syndromes that could likely be pointed at to rationalize its happening. The fact of the matter is that now we are seeing it play out rather bloodily on the streets of the world in furtherance of an idea and ideal set that lends itself to the like minded... Or should I say mentally ill? Yes, I would say mentally ill. These actors are acting out and likely have some borderline tendencies to start with. These people feel outcast in their societies or out of place within the societies they are living in as second generation citizens. It is a complex thing to nail down and I suggest that anyone who might want to delve into it further read “Leaderless Jihad” by Marc Sageman.

We need a more nuanced approach to the GWOT and I am afraid we won’t get that…

Recently, a reporter that I know came to me asking if I would look at this ICIT-Brief-The-Anatomy-of-Cyber-Jihad1 and give input on it. They wanted to have my opinion because the firm that wrote it was seeking a reporter to flog it on their news site. I told the reporter after looking at the “analysis” this exact quote; “This report is the marketing equivalent of yelling fire in a crowded theater” Well, it seems that CNBC bought it though and my hand has been forced to write about this travesty. ( CNBC Report that forced my hand ) I told the reporter to back away slowly and to their credit they did. CNBC not so much. So here I am going to outline how this report is full of marketing and cognitive bias and wild assumptions. Oh, and that is if you can get past the hyperbolic language in the first graph…

I shit you not..

Cyber Caliphate & Junaid Hussain:

The report goes on a long time talking about Da’esh and their origins. While much of that data is right on, the report starts to go off the rails once they begin talking about the “cyber” part of the picture. They start off by talking about Juny and his cybering, the defacements out there, and the propaganda war that is still ongoing by the likes of Da’esh, AQAP, Boko Haram, etc. Which is all fine, mostly accurate, but then they start to talk about “possible capabilities” after they just pretty much said “They aren’t that capable.” Cognitive dissonance much there guys? The truth of the matter is that to date, the propaganda war is the biggest and most dangerous war here, not the so called cyber war that this “analysis” is pimping. I have been following this stuff since 2001 and Juny is the new Younis Tsouli really; both were/are moderately skilled in hacking but not much more than that. Both were much more propaganda figures, and more dangerous in that capacity than through any of their hacking skills. In fact, in the case of Younis, he got the heat and popped for that very reason: he was making a splash and attracting followers. Juny had that very same skill set and became a much bigger deal because he caught the zeitgeist for the jihobbyists out there with his mouth on Twitter. This is why he was killed with a hellfire, not because he hacked any big databases or got the real dope from some hack. In short, both were a danger because they had followers, and those followers were radicalising off of their jihadi bluster online and caches of propaganda from the main marketing teams of their respective terrorism groups. (AQ for Younis and Da’esh for Juny)

Of course the report would not be scary enough without the “Cyber Caliphate”, an operation that Juny lamented on Telegram was just him, no one else, before he got whacked. That’s right kids, Juny was pimping something and making shit up. Once Juny got whacked you know what happened? Groups of guys like Team Fallaga took up the mantle and went on to deface pages like the dickens! “OOH SCARY DEFACEMENT BRO” While the report states this, and some of the other information I just mentioned, they then go on to analyse and say that these guys aren’t capable now but someday… SOMEDAY they could be. Oh really? You don’t say! Sure it is possible but it is not likely. Given that most APT activity takes money, time, and cohesion, the jihadis are all over the place and usually small disparate groups of skiddies, not solid hackers. So, the scare tactic of analysis is way off the mark in this report and this is why I told the reporter to step back slowly from their pitch. If this group had left it at “it could happen but it is not likely”, I would have had some respect for them. Instead they chose the other route: scare the client into buying shit. As for Cyber Caliphate and all their other silly acronyms, none have shown that they are a credible threat to much else than an insecure web page. No real data has been hacked and their “data drops” of enemies to kill have all come from open sources on the internet. Sure, is it problematic that they are doing this? Sure. Is it a clear and present danger of cyber capabilities that they could strike the grid next?

No.

Just stop.

Jihadi Helpdesk

CYBER JIHADI DARKNETS

Of course these guys could not miss an opportunity to scare and of course they had to use the scary “Dark Net” or “Deep Web” I have been on the dark net for a long time and I will tell you I have found a few sites but nothing there is that scary. In fact, to date, the sites either have been hacked soon after and taken down, or just sit unused. So really, the dark net is no threat here. Sure, the jihadi’s are using technology to obfuscate their chats now and trying to hide in the “deep web” of un-spidered content but the reality is most of this stuff is non operational. What the jihad today (Da’esh) wants mostly is to radicalize and activate those in the US like Omar Mateen without even really having contact with them.

OMG DARKNETS!

I recently gave a presentation at Mass Hackers on “Online Jihad” which went very well. While I was covering the online jihad, the topic of Darknet Jihad came up as well, it usually does when anyone talks to me about the subject. Well, since giving that presentation I have seen various and sundry gubment types claiming that the “Jihadi’s are using the darknet! OMG! It’s why we need to have crypto front doors and de-anonymize the darknets!!!!”

*Baleful stare*

I am writing this post to set the record straight and to make a point… A cryptic point that someone reading this will get and you know who you are. The darknet is on the whole NOT being used by jihadi’s to hide their comm’s in the sense of going to darknet sites. Please for the love of everything sane, all you gubment types and wanna be spies get that the fuck into your heads right the fuck now.

Yes, the jihadi’s are using TOR and other VPN’s in attempts to hide their traffic on the “clearnet” but no, they are not gathering in large groups in hidden services sites on the actual “darknet” This is an important difference that many in the media and in the government either don’t get or don’t want to get in favor of having a scary scary thing to say to get the other ossified gubment workers (aka the Senate and House) to capitulate out of fear to their crypto breaking desires.

So lemme mansplain for you all about just what is going on in the darknet and what is not ok?

Darknet Jihad Funding

Credit for screen shot Joe Cox and a hat tip for pointing out that it was there on the darknets.

What you see above this text are two sites that have appeared in the darknet and these have been the most tangible and visible of anything out there to date. The top picture is from a site that had a real bitcoin address and appeared in 2013 I believe. I wrote about it back then at least so maybe it was around in 2012. In the end though it amassed about 1200 bucks and then it was cashed out. Personally I think it was a scam site but who’s to know really.

The second, more recent site is directly supposed to be a Da’esh site and it appeared last month on the darknet. Its bitcoin address is real as well but to date has had no money put on it. This site too smells more like a fake or a dangle by an agency than anything else. Why? Because the fact of the matter is that to date, neither I nor anyone I know in the know has found ANY other sites out there on the darknet, in the hidden services, at all that are jihadi in origin or aegis. None. Niente. Nada.

Of course there may be super secret sites that only a select few know the address of or maybe they are just using other sites like market places as dead drops but even this sounds a little too esoteric for the nitwits we see today in jihad and jihobbyism online. There is just no there there man, nothing to hang your crypto is bad hat on Mr. gubment guy! Ok ok ok, there was one upload to a file server in the darknet for one manual but the link was given on the clearnet jihadi board so how the fuck super secret is that?

Meanwhile Back In The Clearnet….

Ok so now that I have made myself I think crystal clear, let’s talk about what the jihadi’s are doing that I and others like me have seen. For the most part they have taken to TOR and TAILS like a mother since the Snowman dumps. This is to be expected right? I mean, look at all of us in the security community talking about this shit too right? If we say that it is better to TOR up or use TAILS to protect our basic security and privacy it stands to reason that these jihadi mo mo’s will too huh?

This is not rocket science kids…

Oh and yeah, since TOR has become ever so user friendly, it is a natch that these guys will install it and use it on anything and everything that can run it. If you look below here you can see how they are using various tools on various platforms like Android just to reach their Da’eshbag Twitter accounts so they can spew their derpy propaganda!

So yeah, they are using TOR, TAILS, and anything else they think will give them an extra layer of protection. I have seen tutorials in Arabi all over the place for them to use and the mandate from the Da’eshbag pooba’s on how to be secure online. This however does not stop them from getting a JDAM shoved up their asses though when they take selfies am I right?

Derp… KABOOM!

Right, anyway, the skinny is that until these guys are all digital natives they aren’t going to be living and lurking in the darknets. Sure, they will have TOR, and sure they will have encrypted chats but hey, WHEN THE FUCK DID WE NOT HAVE THOSE OPTIONS TO START HUH? Really, for fucks sake stop it with the scare tactics USGOV and every god damned three letter agency! How about this, you say fuck all to the tech fixation and the shortcuts and you all get your HUMINT game back on?

That is how you will win this war. Make friends, find out where they are, and then JDAM the fuckers.

Another site lists a file on the site for that time showing a pdf for a .50 cal rifle: contruçao rifle:p2uekn2yfvlvpzbu.onion/arm/50calRifleConstructionManual.pdf Neither of these says jihadi site etc and unfortunately I have not seen an archive of the site.

Correction II:

I had a chat with @Apate1114 and they gave me a correction to the above. They provided a bad link there. The link is in fact instead: aub35xzuj7wslusm.onion and is no longer up. The site that was linking it in 2013 is seen below:

This site, aljyyosh, calls the onion site موقع عربي غريب which is “weird website”. Since then, nothing has been seen of this site in the onion but as you can see on aljyyosh there are plenty of tutorials on how to Tor.


A Cosmic War

A recent article in The Atlantic has staked the claim that daesh is a millenarian cult bent on bringing the apocalypse upon the world. The article uses recent materials from Dabiq (the daesh propaganda magazine) and cites interviews with the likes of Anjem Choudary to back its case that not only is the group Muslim (well that is a given right?) but also that they are battling to re-create the Caliphate to bring the end times upon us all. A great battle with Shaytan (شيطان) and even Jesus will ensue and in the end the Caliphate will win and all kufr will be destroyed.

*hangs head*

After reading the article in its entirety I just had to sit back and wonder at the oversimplification that had just been perpetrated on us all by this reporter. I think he frankly went to the George Bush school of Islamic Comprehension but I had to go back and read through all the issues of Dabiq to confirm or deny what the author was saying. Five issues of Dabiq later, I am still of the opinion that the article is off the mark where this is all concerned. I also believe that once again it is another classic case of a reporter writing about things without deep knowledge of them but yet speaking on them as if he had it. Here are some salient facts that the Atlantic failed to talk about in this article:

Hadiths Versus Qu’ran: Much of what daesh uses as exhortations and rationalizations for their actions come from the Hadiths (prophetic traditions) which basically are a grouping of sayings written long after the prophet was gone. So much of what is there is subject to doubt because this is based on memory or just made up whole cloth to be companion pieces and re-enforce certain ideals. This of course is also coming from religion and all religions have their books which were written a long time after the people involved had passed on. So the use of these even further separated texts from their original oral traditions that finally got written down is reason enough to doubt their validity.

The Caliphate and Millenarian Prophecy: daesh seems to be only recently really interested in the millenarian slant on their battle with the kufr of the world and apostasy in general. In looking at their propaganda over the arc of their arrival and dominance it can be seen that this is a new feature. Specifically you can see this arc over the 5 issues of Dabiq magazine. This rhetoric over a cosmic war and the use of the eschatology concerning Rome, the Crusades, and the great battle with Shaytan (إبليس) frankly is only being leveraged now to give their base a boost, and is a well thought out propaganda tool. The daesh want to recruit and they, unlike AQ/AQAP and Inspire, found the right mix that, in tandem with their actual taking of lands and creating a so called “caliphate”, seems to have made all the difference in getting recruits to come to the new Afghanistan. This melange of things, rhetoric, tales of epic battles, use of ultra violent means, and the propaganda generated from it is what daesh is about and is using; I do not think the core necessarily believe all that they are putting out there. I have yet to see Al Baghdadi speak on these things at all.

The Language of Crusades and Rome: Another bone to pick here that I have is that the claptrap of using Rome and the Crusades is that they post date the prophet by quite a long time. You can see that daesh is carefully cultivating a look and feel using key words and ideals that resonate with people concerning the wound that is the Crusades. Honestly, this is just a hot button use of terminology and imagery that Bush only exacerbated when he said “This crusade, this war on terrorism is going to take a while. ” I remember face-palming when he said this on live air. Now the daesh and their acolytes use this all the time as a rallying call evincing images of Salahuddin but removing any of his more temperate decisions or commands concerning the greater war on the lands of the ummah.

Propaganda Wars and Recruitment: The article fails to take into account that nothing daesh says should be taken at face value. The reporter goes on to talk to a few true believers (aka the deluded) in Britain and elsewhere but, as you can see, they are not in Syria are they? They are propaganda mouth pieces only and the fact of the matter is that all of what we have seen has been carefully created propaganda by the media wing Al Hayat. When reporters talk about daesh and all of what has been going on of late they always remark on the professional quality of the videos and other media being put out. Well, there you have it, it is propaganda and if you just believe that this is all that daesh is about, well, you have been fooled. This is all a means to an end to intimidate as well as recruit.

Politics, Power, and Money: No matter how much the daesh clothe their movement in the millenarian trappings that you see in Dabiq, this is not just about a cosmic war. This is about power and politics as well as money. The daesh are now trying to mint coins as well as raking in huge amounts from the oil fields that they have taken in Iraq. No doubt if the caliphate ever really normalizes you will see Baghdadi and his core living well somewhere, not in fact frugally with the people.

The Apostasy of daesh and Islamism: Finally, the daesh are the most apocryphal and apostatic group out there today. The use of the hadiths to rationalize their brutality is just a means to an end for control over the people. Fear of violence clothed in snippets of hadiths is apostasy in itself. They have carried out atrocities that Salahuddin would be shamed by never mind the prophet and if they TRULY believed in the teachings of the various books, then they would not be doing these things. So when the arguments start over Islamism/Jihadism and their book being the source of all the ills of the world much of it can be blamed on this one dimensional reporting in the Atlantic.

Once You Name A Thing You Have Power Over It

I guess in the end this Atlantic article serves the purpose of the US and others who don’t have the wherewithal to take the time to understand Islam, the region, and its history to give them an understandable bogey man. After all, in looking at the US governments answers to daesh thus far I for one can see this simplification to be of use to them. It has been hard to troll the daesh as we have seen with the “Think again turn away” program by (@CEP) and a nuanced approach is, well, nuanced. Don’t get me wrong, this whole thing is as complex as it gets but if daesh wants to simplify it all to gather recruits with their cosmic war propaganda well then turn about is fair play right? So go ahead CEP, use this and troll the living daylights out of it.

Sadly though, I fear they won’t do this..

However, everyone should know that this is not just some epic battle of good and evil. Satan and Jesus. This is not a millenarian cult in the least bit at its core and to think so is just stupid. I hope at least that this article does not cause even more troubles with Islamophobia amongst the uninitiated and stir more hate. Frankly, as I have said on Twitter recently; “If you want to paint daesh as an apocalyptic cult you may as well also paint Christianity as well. I mean, they are the ones who wrote revelation right?” It’s not the book but those who use the book for their own agenda. In the case of daesh, they aren’t even using the book, they are just winging it.

K.


The Cyber Caliphate Hacks Newsweek and DCITA:

Since the hack on the Pentagon’s CENTCOM Twitter feed and the dropping of dox from someone’s email/phone/machine the so called “CyberCaliphate” had been looking for another target and it seems that they did find a couple in the Newsweek Twitter feed and someone at DCITA(DC3) Defense Base group. On February 10th the Newsweek twitter feed began posting data from another hacked account within the military, albeit the Defense Base side of the house, that showed the Caliphate had culled FOUO data from the DCITA. The documents dumped in screen shot form show internal rosters of phone numbers, some org charts, and other mostly uninteresting documents that are not super secret though sensitive enough to be problematic.

DOCUMENTS LEAKED

PS.. Dear feds, please don’t give me 10 years and a RICO conviction for just posting shit that is already in the open and is FOUO to start ok? *derp*

By problematic I mean that there are some tidbits in there like phone numbers and the types of jobs that these guys hold as well as who they work for, like the guy from the NSA who is signed up for classes. More at issue for me though is that if you look at the email addresses used you see that some of these guys are using YAHOO and GMAIL as their point of contacts! Why is this a problem? Well, because this is supposed to be a group tasked with the security of defense base companies like Pratt & Whitney, Lockheed, and others. Using GMAIL or YAHOO as their primary contact, hell, even a secondary places the information they hold potentially at risk from hacking… Like their shit being stolen and posted on a newly created website and a twitter feed right? This is TERRIBLE OPSEC and COMSEC kids!

The Attribution Games Begin:

Overall the data is mostly uninteresting as these things go. What is interesting though to me is the kerfuffle that Caliphate is causing and now the crazy attribution game that is going on out there trying to pin these hacks on someone. Originally when the first hack and dump happened the first person that everyone started pointing their collective fingers at was Junaid Hussain ( @AbuHussainIS ) but he actually denied being involved while laughing about the whole thing. Could Juny have something to do with it? Maybe, but he is in Syria and seems to have his own problems lately just trying to keep a twitter feed up. With this second hack and dump though another ersatz attribution wonk claimed that the hacker in question was in fact an Algerian hacker going by the moniker PoTi-SaDz. This reporter *cough* made some bold claims but provides no other proof than that there is a commonality between the words on defacements made by the Team System DZ crew.

This guy’s contention is that because the imagery is similar in some of their defacements, the use of “i Love ISIS” as a slogan clinches it that PoTi SaDz is the infamous Caliphate hacker. Well Matt, I have some other thoughts on that and you should pay attention. First off, please present a little more proof before you play the attribution game. Do you have a source? A snitch? Something other than some poor assumptions to make these claims? Let me give you some for instances here to consider after looking at these guys.

You claim that they stopped defacing in 2014 and that is incorrect (see screen shot below)

Have you seen the English used by these guys? It is broken and bespeaks someone who does not really speak it. Now go look at cyb3rc.com and tell me that isn’t a fluent speaker

PoTi-SaDz M.O. so far has only been defacements and shows no other skill sets to speak of in hacking other systems that might dump these kinds of files

Nothing on the Caliphate’s posts shows any of these confusions, this person(s) knows about ISIS and is at least on the face of it making a good show of being a supporter without the cluelessness of PoTi

SCREEN SHOTS

So once again, let’s not worry about who did the hacking! Instead let’s focus on how the hack happened in the first place! How did DCITA get powned in the first place? The hack so far looks to be low level, maybe someone’s email or a box that was insecure at the end user level who likely had stuff where they shouldn’t. The whole problem here is that everyone is all up in arms about CENTCOM’s and now DCITA’s stuff being hacked (ERMEGERD) by the daeshbags!

*hangs head*

Trust me people, it would be a better use of time trying to figure out how this shit happened to people who should know better than trying to chase down derpy low level hackers like Caliphate. Wake me when Caliphate hacks something important ok? Until then let me go back to important things like Twitter and watching others fiddle while their digital Rome burns to the ground. Meanwhile, PSSSSST DC3, WTF dudes? Stop this shit! You have important data to watch leave Lockheed’s network! Yeah, I remember fondly the JSF data exfil! Those were the days…